the pattern here allows the user to enter between 2 and 20 alpha-numerics.
If the pattern does not match strErrFname is assigned the value "check this field" which you can output next to the offending field.

Hope that helps.

if you have really just posted your email server password on the internet i would change it now.

crmpicco

04-11-2006, 12:21 PM

no, it is a dummy name - thanks for that!

crmpicco

04-11-2006, 01:13 PM

thanks chud_wallice, i implemented that code and have SS email validation, are there any other avenues to look out for. i have been told hackers can access your server just from a drop-down menu.

chud_wallice

04-11-2006, 02:15 PM

Well if your page is at

http://www.yoursite.com/mycontactform.asp

and some 'nice' person wrote a page with a form that posts to yours, as long as the name attributes of the form elements are the same as yours, any information could be entered- even if it's not on your list.

You could implement regExp functions on your selects or the minimum security that my host requires is that you check the refering page.

the pattern here allows the user to enter between 2 and 20 alpha-numerics.
If the pattern does not match strErrFname is assigned the value "check this field" which you can output next to the offending field.

Hope that helps.

Here is a question though, when the server scans the email for header information does it all of to be continous? If not, your regex doesn't really stop an email injection attack. A more specific regex would be: